NSX Microsegmentation Part 2 : Transforming Architecture to Policies

Welcome back! Now that we have developed the microsegmentation architecture for the fictitious customer Corp-XYZ, we will move ahead and transform the architecture into DFW policies. If you missed Part 1, you can read it here: https://vxplanet.com/2022/11/30/nsx-microsegmentation-part-1-developing-the-architecture/ Let’s get started. Defining tags and security boundaries (virtual zones): Based on the design decisions we developed in Part…

NSX Microsegmentation Part 1 : Developing the Architecture

Distributed Firewall (DFW) is one of the powerful security features of NSX. It is an East-West firewall used for network segmentation and microsegmentation to achieve zero-trust protection for the environment. The DFW exists in the kernel of the hypervisor, and the rules are enforced at the vNIC level of the virtual machines. DFW rules…

NSX Security : Trust on First Use (TOFU) and Trust on Every Use (TOEU) Explained

When dealing with SpoofGuard, address learning and the distributed firewall (DFW), we need to consider two modes under the IP discovery profile of segments: “Trust on First Use (TOFU)” and “Trust on Every Use (TOEU)”. Understanding these modes is important as this has a dependency with SpoofGuard as well as to avoid DFW bypassing in…

NSX 4.0 Proxy ARP support on Active/Active Tier-0 Gateway

Until NSX-T version 3.2, Proxy ARP configuration on the T0 Gateway required the gateway to be deployed in Active-Standby mode. I wrote an article around the same for use with vSphere with Tanzu during February last year. If you missed it, you can read it here: https://vxplanet.com/2021/02/12/nsx-t-architecture-in-vsphere-with-tanzu-part-4-proxy-arp-gateways/ To understand what Proxy ARP is, it…

NSX 4.0 Edge Node Design with four Datapath Interfaces

NSX-T introduced support for four datapath interfaces in release 3.2.1, which allows for more flexibility in achieving deterministic traffic flows for East-West and North-South traffic by decoupling the East-West TEP traffic and the North-South traffic over BGP onto separate interfaces on the edge nodes. Prior to release 3.2.1, we used named teaming policies for deterministic steering…

VMware Explore (VMworld) and how it has helped me over these years

I just registered for the biggest event of the year – VMware Explore 2022 US, happening at the Moscone Center in San Francisco, California from Aug 29 – Sept 1, 2022. I am a big fan of the VMware Explore event but have never attended in person, and this will be my first in-person experience at the…

NSX ALB Cloud Migrator – Part 3 – Virtual Service Migration from No-Orchestrator Cloud to vCenter Cloud

In Part 2 of the blog series on NSX ALB Cloud Migrator, we discussed the migration scenario for virtual applications from an NSX ALB vCenter Cloud account to a No-Orchestrator Cloud. Now let’s do the reverse migration, i.e., from a No-Orchestrator Cloud to a vCenter Cloud. I am reusing the same cloud accounts and virtual applications…

NSX ALB Cloud Migrator – Part 2 – Virtual Service Migration from vCenter Cloud to No-Orchestrator Cloud

Let’s continue our virtual service migration scenarios with the NSX ALB Cloud Migrator. This is Part 2, where we migrate our applications from an NSX ALB vCenter Cloud account to a No-Orchestrator Cloud account. The migration tool, release notes and usage instructions are available in my GitHub repo at: https://github.com/harikrishnant/NsxAlbCloudMigrator Use cases for migration to…

NSX ALB Cloud Migrator – Part 1 – Virtual Service Migration Across vCenter Cloud Accounts

In the previous blog post about my community project – NSX ALB Cloud Migrator, we looked at the project overview, migration workflow, current capabilities, limitations and usage instructions. We will now start doing some migration scenarios for virtual services across NSX ALB Clouds and VRF Contexts. If you missed the Introductory article, you can read…